How We Rebuilt a Private Cloud Platform to Supercharge Developer Efficiency
This article recounts a year‑long effort by a senior SRE engineer to redesign a private cloud platform, detailing the motivations, architectural choices, SSO and RBAC implementations, workflow automation, GitOps deployment, release engineering improvements, and the cultural shift toward metrics‑driven development.
Platform Overview
The HUP (Efficiency Platform) is a unified service‑governance hub that covers the entire product lifecycle—from source‑code commit to production operation. It provides a developer workstation, a visual efficiency dashboard, and a set of core services such as SSO, permission management, work‑order processing, cross‑platform UI integration, cloud‑native development workspaces, and a GitOps‑based deployment pipeline.
Single Sign‑On (SSO)
Authentication is handled by Authelia with a session cookie scoped to the shared parent domain: a user logs in once, the browser sends that cookie to every host under *.example.net, so each service sees the same session, and logging out expires the cookie and ends the session on all of them at once. The flip side is that every host under that domain receives the session cookie, so each of those hosts has to be trusted as much as the SSO service itself. LDAP supplies the centralized user directory, and optional JWT support can be enabled for high-traffic scenarios.
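How the shared-domain cookie behaves in a browser, as an added Go example (not the platform's or Authelia's code): the cookie name, the Secure/HttpOnly/SameSite attributes and the host names are assumptions, and the program uses Go's standard cookie jar to show which hosts receive the session after login and after logout.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/url"
)

// SessionCookieName is assumed here; Authelia's cookie name is configurable
// and the article does not state which one the platform uses.
const SessionCookieName = "authelia_session"

// NewSessionCookie builds the cookie that gives "log in once, use every
// sub-domain": Domain=example.net (no host prefix) makes the browser attach it
// to every host under *.example.net. Secure, HttpOnly and SameSite are the
// hardening a practitioner would add; the article does not mention them.
func NewSessionCookie(parentDomain, sessionID string) *http.Cookie {
	return &http.Cookie{
		Name:     SessionCookieName,
		Value:    sessionID,
		Domain:   parentDomain,
		Path:     "/",
		Secure:   true,
		HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
	}
}

// LogoutCookie expires the session cookie. Domain and Path must be identical
// to the ones used at login; a cookie written with a different scope is a
// separate cookie and the original session keeps working.
func LogoutCookie(parentDomain string) *http.Cookie {
	c := NewSessionCookie(parentDomain, "")
	c.MaxAge = -1 // MaxAge<0 tells the browser to delete the cookie now
	return c
}

// HostsSeeingSession replays what a browser does: the SSO host at ssoURL sets
// the given cookies in order, then the jar is asked which of the target URLs
// would carry the session cookie on their next request.
func HostsSeeingSession(ssoURL string, set []*http.Cookie, targets []string) ([]string, error) {
	jar, err := cookiejar.New(nil)
	if err != nil {
		return nil, err
	}
	sso, err := url.Parse(ssoURL)
	if err != nil {
		return nil, err
	}
	jar.SetCookies(sso, set)

	var hosts []string
	for _, t := range targets {
		u, err := url.Parse(t)
		if err != nil {
			return nil, err
		}
		for _, c := range jar.Cookies(u) {
			if c.Name == SessionCookieName {
				hosts = append(hosts, u.Host)
				break
			}
		}
	}
	return hosts, nil
}

func main() {
	// Constructed target hosts: two platform services, one foreign domain and
	// one look-alike that is not a sub-domain of example.net.
	targets := []string{
		"https://grafana.example.net/",
		"https://sentry.example.net/",
		"https://example.org/",
		"https://evil-example.net/",
	}
	login := []*http.Cookie{NewSessionCookie("example.net", "opaque-session-id")}
	hosts, _ := HostsSeeingSession("https://auth.example.net/", login, targets)
	fmt.Println("after login, session sent to:", hosts)

	logout := append(login, LogoutCookie("example.net"))
	hosts, _ = HostsSeeingSession("https://auth.example.net/", logout, targets)
	fmt.Println("after logout, session sent to:", hosts)
}
```

The jar shows the property the article relies on: one cookie written by auth.example.net reaches grafana.example.net and sentry.example.net but neither example.org nor evil-example.net, and the logout cookie removes it everywhere only because it repeats the login cookie's Domain and Path.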
Organization & Permission Management
Organizational data is synchronized from DingTalk to generate dynamic user-group relationships. Permissions follow an RBAC model in which each RESTful API endpoint is bound to the menu item that exposes it and roles are granted menu items, so the role that shows a menu entry is also the role the backend checks before serving the API call behind it. For finer-grained control, an ABAC (Attribute-Based Access Control) extension is planned to restrict access at the pod level.
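The endpoint-to-menu mapping used as a server-side authorization check, as an added Go example rather than HUP's implementation: the route patterns, menu and role names are constructed sample data, and the Remote-Groups header follows Authelia's forward-auth convention but is an assumption here.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sort"
	"strings"
)

// Endpoint is one RESTful route: HTTP method plus a path pattern whose
// "{...}" segments match any single non-empty path element.
type Endpoint struct{ Method, Pattern string }

// Policy is the article's model: every endpoint belongs to exactly one menu
// item, and a role is a set of menu items. Endpoints that are not in the map
// are denied for every role, so a forgotten route cannot be reached by accident.
type Policy struct {
	EndpointMenu map[Endpoint]string
	RoleMenus    map[string][]string
}

// RemoteGroupsHeader is where the SSO layer tells the service who the caller is;
// the name follows Authelia's forward-auth convention but is assumed here.
const RemoteGroupsHeader = "Remote-Groups"

func matchPattern(pattern, path string) bool {
	p, q := strings.Split(pattern, "/"), strings.Split(path, "/")
	if len(p) != len(q) {
		return false
	}
	for i := range p {
		wildcard := strings.HasPrefix(p[i], "{") && strings.HasSuffix(p[i], "}") && q[i] != ""
		if p[i] != q[i] && !wildcard {
			return false
		}
	}
	return true
}

// MenuFor resolves a concrete request to the menu item that owns it.
func (p Policy) MenuFor(method, path string) (string, bool) {
	for ep, menu := range p.EndpointMenu {
		if ep.Method == method && matchPattern(ep.Pattern, path) {
			return menu, true
		}
	}
	return "", false
}

// Allowed is the single authorization decision shared by UI and API.
func (p Policy) Allowed(roles []string, method, path string) bool {
	menu, ok := p.MenuFor(method, path)
	if !ok {
		return false // deny by default: unmapped endpoint
	}
	for _, r := range roles {
		for _, m := range p.RoleMenus[r] {
			if m == menu {
				return true
			}
		}
	}
	return false
}

// VisibleMenus drives the navigation pane. It is derived from the same policy,
// so hiding a menu item is a UX nicety and never the only line of defence.
func (p Policy) VisibleMenus(roles []string) []string {
	seen := map[string]bool{}
	for _, r := range roles {
		for _, m := range p.RoleMenus[r] {
			seen[m] = true
		}
	}
	out := make([]string, 0, len(seen))
	for m := range seen {
		out = append(out, m)
	}
	sort.Strings(out)
	return out
}

// Middleware enforces the policy on every API call, independent of the UI.
func (p Policy) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var roles []string
		for _, g := range strings.Split(r.Header.Get(RemoteGroupsHeader), ",") {
			if g = strings.TrimSpace(g); g != "" {
				roles = append(roles, g)
			}
		}
		if !p.Allowed(roles, r.Method, r.URL.Path) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// DemoPolicy is constructed sample data; the menu and role names are invented.
func DemoPolicy() Policy {
	return Policy{
		EndpointMenu: map[Endpoint]string{
			{"GET", "/api/v1/releases"}:               "Releases",
			{"POST", "/api/v1/releases"}:              "Releases",
			{"POST", "/api/v1/releases/{id}/approve"}: "Approvals",
			{"GET", "/api/v1/workorders/{id}"}:        "WorkOrders",
		},
		RoleMenus: map[string][]string{
			"developer":       {"Releases", "WorkOrders"},
			"release-manager": {"Releases", "Approvals", "WorkOrders"},
		},
	}
}

// Serve runs one request through the middleware and returns the status code.
func Serve(p Policy, method, path, groups string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(method, path, nil)
	if groups != "" {
		req.Header.Set(RemoteGroupsHeader, groups)
	}
	rec := httptest.NewRecorder()
	p.Middleware(ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	p := DemoPolicy()
	fmt.Println("developer sees:", p.VisibleMenus([]string{"developer"}))
	fmt.Println("developer approves ->", Serve(p, "POST", "/api/v1/releases/7/approve", "developer"))
	fmt.Println("release-manager approves ->", Serve(p, "POST", "/api/v1/releases/7/approve", "release-manager"))
	fmt.Println("unmapped DELETE, any role ->", Serve(p, "DELETE", "/api/v1/releases/7", "release-manager"))
}
```

The point of deriving both the navigation pane and the middleware decision from one Policy is that the API refuses exactly what the menu hides; a route that nobody mapped to a menu item is refused for everyone, which is the safe failure for a new endpoint.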
Work‑Order Engine
The work‑order system supports configurable approval flows, dynamic reviewer selection, hook callbacks, drag‑and‑drop flow design, and mobile approval. It standardizes change management for configuration updates, code releases, and operational tasks.
Cross‑Platform UI Shell
A lightweight JavaScript shell provides a three‑pane layout (left navigation, top navigation, main content). The SSO cookie enables seamless embedding of third‑party tools such as Grafana, Sentry, and SonarQube. The shell adapts external styles to the platform theme, eliminating context‑switching for developers.
Cloud‑Native Development Workspace
The workspace is provided by Nocalhost (see Key Open-Source Integrations below): its IDE plugin swaps the target workload's container for a development container in a Kubernetes-based workspace and syncs the developer's code into it. The workspace uses shared storage for dependencies while isolating each developer's code directory, offering instant hot-reload and debugging without local environment drift.
GitOps Deployment Pipeline
After successful tests, a Git tag triggers a GitLab CI pipeline that builds a Docker image, pushes it to Harbor, and updates the ArgoCD manifest repository. ArgoCD continuously watches the manifest repo and rolls out changes to target clusters.
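The manifest-repo update at the end of that pipeline, as an added Go example and not the platform's pipeline code: the registry host, repository names, sample Deployment and digest are constructed, and pinning the image by digest as well as rejecting tags that do not look like a release are this example's choices rather than something the article states.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Only tags of this shape may start a release; branch names, "latest" or a
// bare commit id pushed as a tag are rejected before anything is built.
var releaseTag = regexp.MustCompile(`^v\d+\.\d+\.\d+$`)

// What the registry reports for the pushed image.
var imageDigest = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

// Lines such as "  - image: repo/name:tag" inside a manifest.
var imageLine = regexp.MustCompile(`^(\s*-?\s*image:\s*)(\S+)\s*$`)

// ImageRef is the reference written into the manifest repo. The tag stays for
// humans; the digest pins what ArgoCD deploys, so re-tagging an image in Harbor
// later cannot change what a cluster runs. Pinning by digest is this example's
// choice; the article only says the pipeline updates the manifest.
func ImageRef(registry, repo, tag, digest string) (string, error) {
	if !releaseTag.MatchString(tag) {
		return "", fmt.Errorf("refusing to release from non-release tag %q", tag)
	}
	if !imageDigest.MatchString(digest) {
		return "", fmt.Errorf("malformed image digest %q", digest)
	}
	return fmt.Sprintf("%s/%s:%s@%s", registry, repo, tag, digest), nil
}

// imageName strips tag and digest: "reg/ns/app:v1@sha256:.." -> "reg/ns/app".
func imageName(ref string) string {
	if i := strings.Index(ref, "@"); i >= 0 {
		ref = ref[:i]
	}
	if colon := strings.LastIndex(ref, ":"); colon > strings.LastIndex(ref, "/") {
		ref = ref[:colon]
	}
	return ref
}

// UpdateManifest rewrites every image line that refers to the same repository
// as newRef and leaves other containers (sidecars) alone. It fails loudly when
// nothing matched: a pipeline that "succeeds" without changing the manifest
// would let ArgoCD keep deploying the previous release. Plain line rewriting
// keeps the example dependency free; a real pipeline would use kustomize or a
// YAML library.
func UpdateManifest(manifest, newRef string) (string, int, error) {
	want := imageName(newRef)
	lines := strings.Split(manifest, "\n")
	changed := 0
	for i, line := range lines {
		m := imageLine.FindStringSubmatch(line)
		if m == nil || imageName(m[2]) != want {
			continue
		}
		lines[i] = m[1] + newRef
		changed++
	}
	if changed == 0 {
		return "", 0, errors.New("no image line references " + want)
	}
	return strings.Join(lines, "\n"), changed, nil
}

// SampleManifest is a constructed Deployment, not one from the platform.
const SampleManifest = `apiVersion: apps/v1
kind: Deployment
metadata:
  name: hup-api
spec:
  template:
    spec:
      containers:
        - name: api
          image: harbor.example.net/hup/api:v1.2.2
        - name: log-agent
          image: harbor.example.net/hup/log-agent:v0.4.0
`

// DemoDigest stands in for the digest Harbor returned for the pushed image.
const DemoDigest = "sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"

func main() {
	ref, err := ImageRef("harbor.example.net", "hup/api", "v1.2.3", DemoDigest)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	out, n, err := UpdateManifest(SampleManifest, ref)
	fmt.Printf("updated %d image line(s), err=%v\n%s", n, err, out)

	// A tag that does not look like a release never reaches the build step.
	_, err = ImageRef("harbor.example.net", "hup/api", "feature-x", DemoDigest)
	fmt.Println("feature branch tag:", err)
}
```

In a real pipeline the returned manifest is committed and pushed to the ArgoCD repository; because the commit carries the digest, the Git history of that repository records exactly which image bytes went to each cluster.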
# Example trigger: pushing the release tag starts the pipeline
git tag v1.2.3
git push origin v1.2.3
Release Engineering Refactor
The release workflow consolidates code, configuration, message-queue, and script changes into a single immutable pipeline built on Argo Workflows, with a custom controller and an event bus that let plug-ins extend it. It supports parallel releases across multiple clusters, and pipelines can be replayed.
Metrics‑Driven Development (MDD)
Every component emits health metrics (latency, error rate, availability) and value metrics (usage frequency, business impact). These metrics feed dashboards that guide iterative improvements and validate the effect of platform changes.
Infrastructure Foundations
Golang‑based microservice framework for core services.
Authelia SSO with LDAP/OAuth/JWT integration.
Low‑code CRUD pages built on Baidu AMIS for rapid UI development.
Key Open‑Source Integrations
Grafana, Sentry, SonarQube embedded via the UI shell.
Nocalhost provides the cloud‑native development workspace; it uses Kubernetes Service routing and can be extended to support Eureka‑based service discovery.
Roadmap Highlights
Incremental delivery focused on high‑frequency scenarios.
ABAC support for pod‑level access control.
Extension to public‑cloud and edge‑computing deployments.
dbaplus Community